Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding CVE-2019-11043 with fixed versions 7.1.32 and 7.3.9. #33

Merged
merged 3 commits into from Nov 4, 2019
Merged

Adding CVE-2019-11043 with fixed versions 7.1.32 and 7.3.9. #33

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
679422f
Adding CVE-2019-11043 with fixed versions 7.1.32 and 7.3.9. I'll upda…
lightswitch05 Oct 24, 2019
b2bd10f
Added PHP 7.1.33 patch for CVE-2019-11043
lightswitch05 Oct 28, 2019
006369f
Added missing threat and summary details
lightswitch05 Nov 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
14 changes: 13 additions & 1 deletion src/Psecio/Versionscan/checks.json
View file
Open in desktop
Expand Up @@ -7444,6 +7444,18 @@
]
}
},
{
"threat": "9.8",
"cveid": "CVE-2019-11043",
"summary": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",
"fixVersions": {
"base": [
"7.1.33",
"7.2.24",
"7.3.11"
]
}
},
{
"threat": "7.5",
"cveid": "CVE-2019-13224",
Expand All @@ -7456,5 +7468,5 @@
}
}
],
"updatedAt": "2019-08-30T16:14:47+00:00"
"updatedAt": "2019-10-28T12:41:39+00:00"
}